| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 |
- # letmeind daemon configuration.
- [GENERAL]
- # This config section holds general options.
- # Enable debugging.
- # This will print verbose syslog messages while modifying the firewall.
- #
- # Possible values: true, false
- debug = true
- # The port that letmeind will listen on.
- # This is the public internet facing port of the daemon.
- #
- # Possible values: Any valid TCP/IP port.
- port = 5800
- # Turn the Linux seccomp feature on.
- #
- # Possible values: off, log, kill
- #
- # off: Seccomp turned off.
- # log: Seccomp turned off, but access of prohibited syscalls will be logged to syslog.
- # kill: Seccomp turned on. Letmeind will be killed if prohibited syscalls are called.
- seccomp = off
- [NFTABLES]
- # This config section holds the nftables firewall configuration.
- # nftables chain that letmeinfwd will modity.
- family = inet
- table = filter
- chain-input = LETMEIN-INPUT
- # Timeout of installed knock-open rules.
- # Knocked-open ports will be closed again this many seconds after the knocking.
- timeout = 600
- [KEYS]
- # This config section holds the table of users with their corresponding keys.
- #
- # Use command to generate new keys:
- # letmein gen-key
- # User 00000001:
- #00000001 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
- # User 00000002:
- #00000002 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
- [RESOURCES]
- # This config section holds the table of knock-able ports.
- # Resource ID '1A' maps to TCP port 2000:
- #0000001A = port: 2000
- # Resource ID '1B' maps to TCP port 3500:
- #0000001B = port: 3500
- # A resource can be restricted to one or more users.
- # Restricted to users 1 and 2:
- #0000001C = port: 4500 / users: 00000001, 00000002
- # Restricted to user 1:
- #0000001D = port: 5500 / users: 00000001
- # Open port 6500 for TCP and UDP.
- #0000001E = port: 6500 / tcp,udp
|
